Differences
This shows you the differences between the selected revisions of the page.
| messages 2023-05-02 | messages 2024-05-14 (current) | ||
| Line 6: | Line 6: | ||
| ===== [[host_key]] Continue connecting to an unknown server and add its host key to a cache? ===== | ===== [[host_key]] Continue connecting to an unknown server and add its host key to a cache? ===== | ||
| - | This error message occurs when WinSCP connects to a new [[SSH]] server. Every server identifies itself by means of a host key; once WinSCP knows the host key for a server, it will be able to detect if a malicious attacker redirects your connection to another machine. | + | This message appears when WinSCP connects to a new [[SSH]] server. Every server identifies itself by means of a host key; once WinSCP knows the host key for a server, it will be able to detect if a malicious attacker redirects your connection to another machine. |
| - | &screenshotpict(message_host_key) | + | &screenshotpict(unknown_hostkey) |
| If you see this message, it means that WinSCP has not seen this host key before, and has no way of knowing whether it is correct or not. You should attempt to verify the host key by other means, such as asking the machine's administrator. ((&puttydoccite)) | If you see this message, it means that WinSCP has not seen this host key before, and has no way of knowing whether it is correct or not. You should attempt to verify the host key by other means, such as asking the machine's administrator. ((&puttydoccite)) | ||
| - | Both SHA-256 and MD5 fingerprints of the host key are shown. As both fingerprints are for the same key, it is enough to check only one of them. Checking %%SHA-256%% fingerprint is safer though. | + | If the [[faq_hostkey|host key fingerprint is correct]], press //Accept// (//Yes// in the older versions). &recent The host key will be stored to cache and you will not be prompted the next time. If you are unsure, want to defer a host key verification until later, but still need to connect now (taking a risk), select //Connect Once// in the down-menu of the //Accept// button (//No// button in the older versions). &recent The host key will not be cached and you will be prompted again the next time. If the fingerprint is not correct or if you do not know the correct fingerprint, press //Cancel// to abort connection. |
| - | If the [[faq_hostkey|host key fingerprint is correct]], press //Yes//. The host key will be stored to cache and you will not be prompted the next time. If you are unsure, want to defer a host key verification until later, but still need to connect now (taking a risk), press //No//. The host key will not be cached and you will be prompted again the next time. If the fingerprint is not correct or if you do not know the correct fingerprint, press //Cancel// to abort connection. | + | If you have the correct host key (or its fingerprint) in a digital form, instead of checking the fingerprint manually, you can select //Paste Key// in drop-down menu of //Accept// (//Yes//) &recent button to have WinSCP compare the fingerprint for you, against a fingerprint or a full key stored in the clipboard. The clipboard can contain an %%SHA-256%% or %%MD5%% fingerprint or a full key in ''.pub'' format. |
| - | + | ||
| - | If you have the correct host key (or its fingerprint) in a digital form, instead of checking the fingerprint manually, you can use //Paste Key// button (in drop-down menu of //Yes// button) to have WinSCP compare the fingerprint for you, against a fingerprint or a full key stored in the clipboard. ·The clipboard can contain an %%SHA-256%% or %%MD5%% fingerprint or a full key in ''.pub'' format. | + | |
| - | + | ||
| - | Use //Copy key fingerprints to clipboard// link to copy the fingerprints to clipboard. | + | |
| + | Use //Copy key fingerprints to clipboard// link to copy key fingerprints to clipboard (both in %%SHA-256%% format seen on the message and additionally in %%MD5%% format). | ||
| Read more about [[ssh_verifying_the_host_key|verifying host keys]]. | Read more about [[ssh_verifying_the_host_key|verifying host keys]]. | ||
| Line 26: | Line 23: | ||
| ===== [[security_breach]] Warning -- Potential security breach! ===== | ===== [[security_breach]] Warning -- Potential security breach! ===== | ||
| - | This message, followed by "The server's host key does not match the one WinSCP has in cache", means that WinSCP has connected to the SSH server before, knows what its host key should be, but has found a different one.· | + | This message, followed by //"The server's host key does not match the one WinSCP has in cache"//, means that WinSCP has connected to the SSH server before, knows what its host key should be, but has found a different one. |
| - | This may mean that a malicious attacker has replaced your server with a different one, or has redirected your network connection to their own machine. On the other hand, it may simply mean that the administrator of your server has accidentally changed the key while upgrading the SSH software; this shouldn't happen but it is unfortunately possible. Another legitimate reason for the host key change is that the address, you are connecting to, load balances to a set of SSH servers. If that's the case, use //Add// button to build a list of known host keys, instead of using //Update//. | + | You might also get the message, when you have configured WinSCP to trust a certification authority for signing host keys but the actual host key is signed by a different authority. For this scenario follow [[#certified|further below]]. |
| + | |||
| + | ==== Plain Host key ==== | ||
| + | |||
| + | The message may mean that a malicious attacker has replaced your server with a different one, or has redirected your network connection to their own machine. On the other hand, it may simply mean that the administrator of your server has accidentally changed the key while upgrading the SSH software; this shouldn't happen but it is unfortunately possible. Another legitimate reason for the host key change is that the address, you are connecting to, load balances to a set of SSH servers. If that's the case, select //Add// to build a list of known host keys, instead of using //Update//. | ||
| You should contact your server's administrator and see whether they expect the host key to have changed. If so, verify the new host key in the same way as you would if it was new. ((&puttydoccite)) | You should contact your server's administrator and see whether they expect the host key to have changed. If so, verify the new host key in the same way as you would if it was new. ((&puttydoccite)) | ||
| Read more about [[ssh_verifying_the_host_key|verifying host keys]]. | Read more about [[ssh_verifying_the_host_key|verifying host keys]]. | ||
| + | |||
| + | ==== [[certified]] Certified Host key ==== | ||
| + | |||
| + | If you've configured WinSCP to trust at least one [[ui_pref_security#authorities|certification authority for signing host keys]], then it will ask the SSH server to send it any available certified host keys. If the server sends back a certified key signed by a different certification authority, WinSCP will present this variant of the host key prompt. | ||
| + | |||
| + | One reason why this can happen is a deliberate attack. Just like an ordinary man-in-the-middle attack which substitutes a wrong host key, a particularly ambitious attacker might substitute an entire wrong certification authority, and hope that you connect anyway. | ||
| + | |||
| + | But it's also possible in some situations that this error might arise legitimately. For example, if your organisation's IT department has just rolled out a new CA key which you haven't yet entered in WinSCP's configuration, or if your CA configuration involves two overlapping domains, or something similar. | ||
| + | |||
| + | So, unfortunately, you'll have to work out what to do about it yourself: make an exception for this specific case, or abandon this connection and install a new CA key before trying again (if you're really sure you trust the CA), or edit your configuration in some other way, or just stop trying to use this server. | ||
| + | |||
| + | If you're convinced that this particular server is legitimate even though the CA is not one you trust, WinSCP will let you cache the certified host key, treating it in the same way as an uncertified one. Then that particular certificate will be accepted for future connections to this specific server, even though other certificates signed by the same CA will still be rejected.((&puttydoccite)) | ||
| ===== [[connection_refused]] Network error: Connection to "..." refused ===== | ===== [[connection_refused]] Network error: Connection to "..." refused ===== | ||
| You may get this message when connecting to a server for the following reasons: | You may get this message when connecting to a server for the following reasons: | ||
| * You are trying to use WinSCP for a purpose for which it is not designed. [[requirements|WinSCP needs]] an SSH or FTP server to be installed at the other end (on the machine you want to connect to). In particular, you cannot easily use it to connect to another Windows workstation, since Windows does not have an %%SSH%% or %%FTP%% server included by default. Please refer to the guide to [[guide_exchange|exchanging files over Internet]]. | * You are trying to use WinSCP for a purpose for which it is not designed. [[requirements|WinSCP needs]] an SSH or FTP server to be installed at the other end (on the machine you want to connect to). In particular, you cannot easily use it to connect to another Windows workstation, since Windows does not have an %%SSH%% or %%FTP%% server included by default. Please refer to the guide to [[guide_exchange|exchanging files over Internet]]. | ||
| - | * You are trying to use [[protocols|protocol]] that the server does not support. Particularly you are trying SFTP/SCP (over %%SSH%%), but the server supports %%FTP%%; or vice versa. Check selected protocol on [[ui_login#session_settings|login dialog]]. Note that WinSCP defaults to %%SFTP%% protocol, while most other similar applications default to %%FTP%%. | + | * You are trying to use [[protocols|protocol]] that the server does not support. Particularly you are trying SFTP/SCP (over %%SSH%%), but the server supports %%FTP%%; or vice versa. Check selected protocol on [[ui_login#session_settings|Login dialog]]. Note that WinSCP defaults to %%SFTP%% protocol, while most other similar applications default to %%FTP%%. |
| - | * The server is running on a non-standard port. Please make sure you enter actual port number on [[ui_login|login dialog]]. | + | * The server is running on a non-standard port. Please make sure you enter actual port number on [[ui_login|Login dialog]]. |
| * You may need to connect through a proxy server, but you have not specified one on //[[ui_login_proxy|Proxy page]]// of Advanced Site Settings dialog. | * You may need to connect through a proxy server, but you have not specified one on //[[ui_login_proxy|Proxy page]]// of Advanced Site Settings dialog. | ||
| * Connection was blocked by the firewall. Please refer to [[faq_connection_refused|FAQ]]. | * Connection was blocked by the firewall. Please refer to [[faq_connection_refused|FAQ]]. | ||
| Line 182: | Line 195: | ||
| To disable the stateful %%FTP%% filtering, in an Administrator command prompt, execute following command: | To disable the stateful %%FTP%% filtering, in an Administrator command prompt, execute following command: | ||
| - | <code> | + | <code batch> |
| - | netsh advfirewall set global StatefulFTP disable | + | netsh advfirewall <nohilite>set</nohilite> global StatefulFTP disable |
| </code> | </code> | ||
| Line 386: | Line 399: | ||
| * There's antivirus (or similar application) that starts inspecting the uploaded file, locking it while doing that, what conflicts with WinSCP attempt to rename the file. | * There's antivirus (or similar application) that starts inspecting the uploaded file, locking it while doing that, what conflicts with WinSCP attempt to rename the file. | ||
| - | To circumvent that, disable [[ui_pref_resume|transfer resume/transfer to temporary filename]]. | + | To circumvent that, disable transfer resume/transfer to temporary filename. |
| + | |||
| + | * In GUI, go to [[ui_pref_resume|//Preferences > Transfer > Endurance//]] and disable [[ui_pref_resume#temporary|//Transfer Resume / Transfer to Temporary Filename//]]. | ||
| + | * In scripting, use [[scriptcommand_put#resumesupport|''-resumesupport=off'' with ''put'' command]] (or other command that triggered the upload). | ||
| + | * In .NET assembly, use ''[[library_transferoptions#resumesupport|TransferOptions.ResumeSupport]]'' property. | ||
| ===== [[preserve_time_perm]] Upload of file .. was successful, but error occurred while setting the permissions and/or timestamp. If the problem persists, turn off setting permissions or preserving timestamp. Alternatively you can turn on 'Ignore permission errors' option. ===== | ===== [[preserve_time_perm]] Upload of file .. was successful, but error occurred while setting the permissions and/or timestamp. If the problem persists, turn off setting permissions or preserving timestamp. Alternatively you can turn on 'Ignore permission errors' option. ===== | ||
| Line 402: | Line 419: | ||
| When using [[scripting]], add [[scriptcommand_put#nopreservetime|''-nopreservetime'' switch]] to [[scriptcommand_put|''put'' command]]. If you are not running scripting with [[scripting#configuration|default isolated configuration]], you may also need to add [[scriptcommand_put#nopermissions|''-nopermissions'' switch]] (what is the default settings). | When using [[scripting]], add [[scriptcommand_put#nopreservetime|''-nopreservetime'' switch]] to [[scriptcommand_put|''put'' command]]. If you are not running scripting with [[scripting#configuration|default isolated configuration]], you may also need to add [[scriptcommand_put#nopermissions|''-nopermissions'' switch]] (what is the default settings). | ||
| - | With [[scriptcommand_synchronize|''synchronize'' command]], this works only when ''[[scriptcommand_synchronize#criteria|-criteria]]'' is ''none'' or ''size'' and it never works in ''both'' mode. | + | With [[scriptcommand_synchronize|''synchronize'' command]], this works only when ''[[scriptcommand_synchronize#criteria|-criteria]]'' lacks ''time'' and it never works in ''both'' mode. |
| ==== [[library]] .NET Assembly ==== | ==== [[library]] .NET Assembly ==== | ||
| Line 426: | Line 443: | ||
| </code> | </code> | ||
| - | With [[library_session_synchronizedirectories|''Session.SynchronizeDirectories'']], this works only when ''criteria'' parameter is ''SynchronizationCriteria.None'' or ''SynchronizationCriteria.Size'' and it never works when ''mode'' parameter is ''SynchronizationMode.Both'' (learn [[library_powershell#enums|enumeration syntax]] in PowerShell). | + | With [[library_session_synchronizedirectories|''Session.SynchronizeDirectories'']], this works only when ''criteria'' parameter lacks ''SynchronizationCriteria.Time'' and it never works when ''mode'' parameter is ''SynchronizationMode.Both'' (learn [[library_powershell#enums|enumeration syntax]] in PowerShell). |
| ==== In Other Languages ==== | ==== In Other Languages ==== | ||
| Line 479: | Line 496: | ||
| ===== [[net_system_cannot_find_file_specified]] Could not load file or assembly 'file:///...\WinSCPnet.dll' or one of its dependencies. The system cannot find the file specified. ===== | ===== [[net_system_cannot_find_file_specified]] Could not load file or assembly 'file:///...\WinSCPnet.dll' or one of its dependencies. The system cannot find the file specified. ===== | ||
| - | You may get this error when using [[library|WinSCP .NET assembly]] from restricted environments, such as [[library_ssis|SSIS]]. To use the assembly from SSIS, it needs to be [[library_install#gac|installed to GAC]]. Alternatively, you can [[library_ssis#subscribe|subscribe ''AppDomain.AssemblyResolve'' event]] to allow loading the assembly. | + | You may get this error when using [[library|WinSCP .NET assembly]] from restricted environments, such as [[library_ssis|SSIS]]. To use the assembly from SSIS, it needs to be [[library_install#gac|installed to GAC]]. Also make sure you have installed the same version that you reference in your SSIS package. Alternatively, you can [[library_ssis#subscribe|subscribe ''AppDomain.AssemblyResolve'' event]] to allow loading the assembly. |
| If the above is not your case, use [[https://learn.microsoft.com/en-us/dotnet/framework/tools/fuslogvw-exe-assembly-binding-log-viewer|Assembly Binding Log Viewer]] (''Fuslogvw.exe'') to debug assembly loading. | If the above is not your case, use [[https://learn.microsoft.com/en-us/dotnet/framework/tools/fuslogvw-exe-assembly-binding-log-viewer|Assembly Binding Log Viewer]] (''Fuslogvw.exe'') to debug assembly loading. | ||
| Line 501: | Line 518: | ||
| This is just a high-level exception. The root cause is usually stored in the ''[[dotnet>system.exception.innerexception|InnerException]]''. | This is just a high-level exception. The root cause is usually stored in the ''[[dotnet>system.exception.innerexception|InnerException]]''. | ||
| - | If you are getting this exception in SSIS, you can use ''try'' ... ''catch'' block to capture the error, as show in the [[library_ssis#example|example for using WinSCP .NET Assembly from SSIS]]. | + | If you are getting this exception in SSIS, you can use ''try'' ... ''catch'' block to capture the error, as show in the [[library_ssis#example|example for using WinSCP .NET Assembly from SSIS]]. Though this won't help if the error occurs even before the SSIS ''Main'' method is started. In this case, the actual error should be shown on the //Progress// tab of your SSIS package. Often, the root cause can be loading of ''WinSCPnet.dll'' assembly. See [[message_net_system_cannot_find_file_specified|Could not load file or assembly ‘file:///…\WinSCPnet.dll’ or one of its dependencies. The system cannot find the file specified]]. |
| - | If you cannot access the inner exception easily, inspect WinSCP session log and debug log file (''[[library_session#sessionlogpath|Session.SessionLogPath]]'', ''[[library_session#debuglogpath|Session.DebugLogPath]]''). If those file are not even created, the root cause can be loading of ''WinSCPnet.dll'' assembly. See [[message_net_system_cannot_find_file_specified|Could not load file or assembly 'file:///...\WinSCPnet.dll' or one of its dependencies. The system cannot find the file specified.]]. | + | If you do not use SSIS and you cannot access the inner exception easily, inspect WinSCP session log and debug log file (''[[library_session#sessionlogpath|Session.SessionLogPath]]'', ''[[library_session#debuglogpath|Session.DebugLogPath]]''). |
| ===== [[sessionoptions_sshhostkeyfingerprint_is_not_set]] SessionOptions.Protocol is Protocol.Sftp or Protocol.Scp, but SessionOptions.SshHostKeyFingerprint is not set ===== | ===== [[sessionoptions_sshhostkeyfingerprint_is_not_set]] SessionOptions.Protocol is Protocol.Sftp or Protocol.Scp, but SessionOptions.SshHostKeyFingerprint is not set ===== | ||
| Line 525: | Line 542: | ||
| Though as with the most of session settings, if you have the site set up in WinSCP GUI, you can have it [[ui_generateurl#code|generate a code template]] for you, including the ''SessionOptions.SshHostKeyFingerprint''. | Though as with the most of session settings, if you have the site set up in WinSCP GUI, you can have it [[ui_generateurl#code|generate a code template]] for you, including the ''SessionOptions.SshHostKeyFingerprint''. | ||
| + | |||
| + | ===== [[method_not_found_eventwaithandle]] Method not found: 'Void System.Threading.EventWaitHandle..ctor(...)' ===== | ||
| + | |||
| + | Full message: | ||
| + | |||
| + | > Method not found: ‘Void System.Threading.EventWaitHandle..ctor(Boolean, System.Threading.EventResetMode, System.String, Boolean ByRef, System.Security.AccessControl.EventWaitHandleSecurity)’ | ||
| + | |||
| + | The exception can be represented as ''MethodInvocationException'' or ''MissingMethodException''. | ||
| + | |||
| + | The exception occurs, when you are trying to use .NET Framework build of the assembly in .NET [Core] code or from PowerShell [Core]. | ||
| + | |||
| + | You need to use .NET Standard build of the assembly, which is located in the ''netstandard2.0'' subfolder of ''WinSCP-X.X.X-Automation.zip'' package. | ||
| + | |||
| + | For details, learn about [[library_install#installing|installing the assembly]]. | ||
| ===== [[key_fingerprint_does_not_match]] SSH host key/TLS host certificate fingerprint "..." does not match pattern "..." ===== | ===== [[key_fingerprint_does_not_match]] SSH host key/TLS host certificate fingerprint "..." does not match pattern "..." ===== | ||